Feeds

back to article Now Microsoft 'actively investigates' Surface slab jailbreak tool

Microsoft is suddenly serious about tackling RT Jailbreak, a slick tool that unlocks Surface tablets using a hack publicised just days earlier. A spokesperson for Microsoft’s Trustworthy Computing Group, tasked with Windows security, told The Register that Redmond is “actively investigating” the RT Jailbreak Tool v1 cooked up …

COMMENTS

This topic is closed for new posts.

Page:

Joke

Its not a bug....its a feature™.

Good ol' Micro$oft!

7
5
Anonymous Coward

Where there is one bug there will be many just like cockroaches.

5
2

Fuck me, a joke from the 90s.

1
1
Trollface

90s Jokes

Microsoft... Works ? LOLZ

7
0
Silver badge

@Mark Allread

90s? It's used in the game "Zork", from the 1970s. I'm pretty certain I remember my Dad using it in the 1960s ...

0
0
Bronze badge

It's not a security hole

until it costs us money

17
0
Silver badge
Stop

Re: It's not a security hole

Hard to see how it can possibly cost money.

Obviously, I'll be downvoted for appearing to "defend" Microsoft but this can't save them money in any way.

Think it through -

1. In order to run this jailbreak, you need to have a second machine with Visual Studio running a remote debugger session to the Windows RT device.

2. There is no pre-compiled ARM software out there for WinRT. You'd have to write your own.

3. Even if you did, the jailbreak does not - and cannot! - survive a boot. So one boot later, your imaginary software won't run unless you jailbreak the device again, using the VS remote debugger.

4. The stuff Microsoft charges for is Windows Store apps, and you can already sideload those - in fact, MSDN specifies exactly how to do it. Not exactly a big money-saving secret.

So, this article? Just more mudslinging. Or the author is technically illiterate and too lazy to check anything at all. Or both.

3
12
Bronze badge
Meh

Re: It's not a security hole

"does not - and cannot! - survive a boot."

"and you can already sideload those"

To my simple mind, that looks like a contradiction, so it could eventually turn into a security hole?

Above all now MS need to feel trusted, but money never seems to be far away from their thinking.

0
0

Re: It's not a security hole

1. In order to run this jailbreak, you need to have a second machine with Visual Studio running a remote debugger session to the Windows RT device.

For now. But there's blood in the water, and progress will be made. Put the kettle on - won't be long.

2. There is no pre-compiled ARM software out there for WinRT. You'd have to write your own.

The first ones will be permanent rootkits (malicous or intentional), and they'll be on the blackmarket in 3...2...1...

3. Even if you did, the jailbreak does not - and cannot! - survive a boot. So one boot later, your imaginary software won't run unless you jailbreak the device again, using the VS remote debugger.

Won't really matter if you've loaded your rootkit from step 2

4. The stuff Microsoft charges for is Windows Store apps, and you can already sideload those - in fact, MSDN specifies exactly how to do it. Not exactly a big money-saving secret.

Once I've got my rootkit running, I'll sideload, download, diagonalload, throughload and circleload to my hearts content. You might want to clarify that you need an enterprise licences to officially sideload.

9
2
Bronze badge

Re: a second machine with Visual Studio running a remote debugger

Nope, the packaged exploit is a standalone tool you simply run on the Rt device.

3
0
Silver badge

@Roger Greenwood

To my simple mind, that looks like a contradiction, so it could eventually turn into a security hole

No. The "jailbreak" is for Windows Desktop applications, assuming there any compiled for ARM which there aren't. Store Apps is the new term for Metro apps and those can be sideloaded by developers for testing anyway. Anyone can get a free key to allow this from MSDN.

So... no contradiction.

And Silverburn, you can't rootkit a UEFI Secure Boot (no matter how much you want to or you claim that such a thing is mean to linux) and all RT devices must have Secure Boot enabled.

1
2
Linux

Re: It's not a security hole

One of the things I hate most about Microsoft stuff, is all the bullshit you have to get up to - just to "do stuff" on it....

Registry hacks, blah blah blah blah.......

But I do like watching them flip from "Ahhhh ha ha ha - tis' a mere scratch.", and then go into panic mode as their holier than thou Naziware Cash Cow, starts looking like a walnut sitting twixt the vice jaws, a mere turn or three from being broken wide open.

Welcome to the "Linux Surface" - runs all your DRM free, Open Source apps...

But shit eh.... they might actually sell more of their Surface computers..... which is a lot better than almost none.

Doh!

But then again - they are too stupid to not leave well enough alone and will go out of their way to try and fuck that up as well.

Linux - likes Microsofts hardware.

4
1
Bronze badge

Re: assuming there any compiled for ARM which there aren't

There are several games, developer and admin tools available already, with more on the way.

3
0
Thumb Up

Re: It's not a security hole

@ Oh4FS

"twixt" - Illecebrous indeed.

1
0
Gav
Boffin

Re: It's not a security hole

" they might actually sell more of their Surface computers..... which is a lot better than almost none."

No, it's a lot worse if their business model is sell Surface cheap, make heaps of profit on the apps.

0
0

Re: a second machine with Visual Studio running a remote debugger

"..a standalone tool you simply run on the Rt device"

Isn't that catch-22 though? In order to be able to run any app, you have to run this app... I can't see MS putting it into their app-store any time soon!

0
1
Linux

Re: It's not a security hole - it's a financial disaster

1. In order to run this jailbreak, you need to have a second machine with Visual Studio running a remote debugger session to the Windows RT device.

Correct, but so what?

2. There is no pre-compiled ARM software out there for WinRT. You'd have to write your own.

Wrong. It's all over the 'net.

3. Even if you did, the jailbreak does not - and cannot! - survive a boot. So one boot later, your imaginary software won't run unless you jailbreak the device again, using the VS remote debugger.

Wrong. It can and does. You just have to apply two small patches.

4. The stuff Microsoft charges for is Windows Store apps, and you can already sideload those - in fact, MSDN specifies exactly how to do it. Not exactly a big money-saving secret.

Wrong. M$ are desperate to have an "App Store" like Apple and Android in their typical "me too" fashion. Their potential cash-cow has been bypassed, and they're really pissed about it. Once again M$ bungles.

NO MS software or operating system has EVER worked properly. Their coding ineptitude and their money-grabbing tactics have both been exposed yet again!

Game Over, Microsoft.

2
1
Bronze badge
Linux

Re: Game Over, Microsoft

That sounds like what I said some 5 years ago as I slid in a Live CD, and scraped WindblowZE from the hard drive of my 'puter.

It was a good feeling, becoming one with the penguin.

1
0
Anonymous Coward

Re: It's not a security hole

> Won't really matter if you've loaded your rootkit from step 2

If the EFI BIOS implements SecureBoot correctly, the BIOS will not pass control to any rootkit that lacks proper signing. I believe Windows 8 RT certification requires SecureBoot be enabled on the device, although Windows 8 certification does not.

0
0

Re: becoming one with the penguin

I became one with a penguin once. I am no longer allowed into any zoos.

0
0
Thumb Up

They should just leave it in...

...or have an on-off switch like Android devices, where the user can download what they want if they so choose.

But yes, as John Robson points out, it'll cost them cash to allow people to bypass the crappy Windows Store.

4
0
Silver badge

Re: They should just leave it in...

> But yes, as John Robson points out, it'll cost them cash to allow people to bypass the crappy Windows Store.

Or Amazon decides to set up an RT shop...

0
0

This post has been deleted by a moderator

Trollface

Re: Microsoft's vision -locked down computing

" It's an Orwellian vision of computers that can only be used with corporate operating systems."

Quite so. I can't imagine any other manufacturer wanting to lock down their hardware in this manner.

14
0
Anonymous Coward

Re: Microsoft's vision -locked down computing

Think about who Microsoft's target customers are, corporate users. To have a machine that they can lock down and control is what they want. Consumers obviously want otherwise.

Have you ever felt like you couldn't do something on your work machine and thought "I know, I'll hack it". If so then you deserve to be fired. You should accept this situation or lodge a complaint.

Rather than buy something which doesn't do what you want then look for workarounds or hacks, buy something that does what you want. Otherwise you're increasing the user-base and sales statistics, making it seem as if locked down is what everyone wants.

5
2
Gold badge

Re: Microsoft's vision -locked down computing

Trusted computing has been talked about for years now. Ever since 2004 there has been hardware support, Microsoft released a paper on it in 2002. Why are you surprised at this?

0
3

Re: Microsoft's vision -locked down computing

The day they do that, everyone jumps ship to Apple. Why? Because Apple do walled-garden far better than MS. Or, alternatively, the public revolts and sticks with their old freedom-loving hardware and tells the vendor to go shove it.

4
3
Silver badge
Facepalm

Re: Microsoft's vision -locked down computing

"Quite so. I can't imagine any other manufacturer wanting to lock down their hardware in this manner."

Indeed, and I can't imagine any other manufacturer who would produce a TV commercial suggesting that their systems break you out of that Orwellian vision!

3
0
Happy

Re: Microsoft's vision -locked down computing

If you want to compete with Apple, then you need to.. well.. compete with Apple, and that means checking for viruses before an app gets into the store and not on the device.

I thought the initial MS response was quite mature, but I guess they’re concerned that somebody will use to dump some buggy trash in to desktop, creating a market for McAfee

0
0
Thumb Down

Re: Microsoft's vision -locked down computing

> Have you ever felt like you couldn't do something on your work machine and thought "I know, I'll hack it". If so then you deserve to be fired.

What - just for *thinking* about it?!

> Think about who Microsoft's target customers are, corporate users.

And having said 'A'...

> Rather than buy something which doesn't do what you want then look for workarounds or hacks, buy something that does what you want.

.. this is 'B'.

8
0
Bronze badge

Re: Microsoft's target customers are, corporate users

You didn't see the Windows 8 adverts on the TV then?

2
0
Anonymous Coward

Re: Microsoft's vision -locked down computing

depends, if your support staff are such numpties that you cant do your job without filing a two week support request, and you need to do this thing every 2 or 3 days ina live environment.

When you complain you are told, ooops we have set it this way now we cant change it....

2
0

Re: Microsoft's vision -locked down computing

Hi, in what way do Apple do this better than MS? It seemed to me that Microsoft sat back and watched the two opposites (locked down iOS vs insecure Android), and plumped for a solution that veered massively towards the locked down model Apple had done.

0
1
Silver badge

@Pookietoo

If he's like most people, he saw the ads, but had no idea what they were for.

A few I've heard; iPad keyboard? New show about a dance school? Elderly people in love? Icecream?

1
0
FAIL

Re: Microsoft's vision -locked down computing

Surely you meant to pick the troll icon. But I use a computer to become more efficient, not to simply push bits of paper around using the approved tools. Microsoft of all people should know this deep in their soul because they were the prime beneficiaries of the move away from our-way-or-the-highway, white-coated priesthood of corporate computing int he 1970s. What we see now, with people running dropbox and google docs and messenger and god knows what else is that same drive to use computers on their own terms and not be dictated to.

The day we all restrict ourselves to approved apps and never look outside the box is the day our computers become irrelevant and the next upstart company gets their big break.

0
0
Anonymous Coward

Re: @Pookietoo

I thought I'd switched to BBC2 and was watching 'I Love 1987'.

0
0
Silver badge
Happy

Another MS ...

piece of super secure software.

4
1
Anonymous Coward

Re: Another MS ...

Any examples of total and absolute 'super secure' systems?

2
0
Silver badge

@AC15:13 (was: Re: Another MS ...)

A few commonly known variations I run include RS/400, OS/390, VMS and TOPS-10/20.

0
0
Silver badge

Re: @AC15:13 (was: Another MS ...)

> A few commonly known variations I run include RS/400, OS/390, VMS and TOPS-10/20.

Not really, which is why the banks don't put their mainframes directly on the internet.

0
1
Silver badge

@P. Lee (Was: Re: @AC15:13 (was: Another MS ...))

Yes, really. Mainframes aren't directly coupled to "The Internet" (whatever that is!) because there is no need, not because they are vulnerable. The first rule of system security is "if you don't have to connect it, don't!".

Note that many mainframes were connected directly to the internet during the NSFNet days ... I can't remember a major intrusion incident. Can you?

As a side-note, I have an early 1990s Amdahl running Slackware S/390 in an LPAR that has been internet accessible for five or six years. Unfortunately, that particular project seems to have become moribund in 2010, so I'll probably take her off-line shortly. No intrusions to date, despite me actually allowing the cognizant to try.

0
0
FAIL

Treacherous Computing

This is Microsoft 'Trusted' (aka Treacherous - http://www.gnu.org/philosophy/can-you-trust.html) Computing taken to the next level. You cannot run ANYTHING on the computer unless it is approved by Microsoft. Luckily there are now alternatives and if Microsoft carries on like this then they will lose market share. I just hope that this happens (to some extent), their realize the folly of this approach and learn from their mistakes. Computers should be there to allow people to use them in whatever way they want to - not for companies (like Microsoft, Apple or other proprietary vendors) to take that choice away.

3
0
Joke

It's obvious ...

Until someone actually went out and bought a Surface tablet they didn't have to worry. Now that they've actually *sold* one they're taking a much firmer line ...

8
1
Silver badge

No Microsoft.

Once I've bought the hardware. It's mine, and I'll run whatever I like on it.

Likewise, once I've bought the software, it's mine to use any way I feel like.

3
0
Black Helicopters

Re: No Microsoft.

The windmill is over that way -->

Tilt away man!

4
5

More Irrelevance

With its late-to-market products commanding miniscule market share, it is doubtful whether MS will ever become relevant in the tablet space. This is just one more reason they will fail. Anyone who wants freedom to install any software they like will be Android. Anyone who doesn't care will buy Apple.

6
0
Linux

Re: More Irrelevance

With its late-to-market products commanding miniscule market share, it is doubtful whether MS will ever become relevant in the tablet space

Yep - another "Zune"!!!

1
0
Silver badge

Appropriate action?

Appropriate action would be realizing that people with the desire and know how to jailbreak their devices will do it and not standing in their way. That's a fight that can't be won (or, at any rate, hasn't yet been won by any manufacturer). Better to reap the consumer goodwill that comes from applauding the minds that can do it than to play the expensive whack-a-mole game of trying to prevent jailbreaks.

Alas, it seems that less enlightened minds have overruled the smart people in Redmond who understand this rather simple concept.

1
1
Pirate

Wow

Its almost as if Microsoft still think it still belongs to them even after I bought it.

hay Microsoft. I paid for it. Mine now and I will jailbreak it if I want to.

4
0
FAIL

Re: Wow

Its almost as if Microsoft still think it still belongs to them even after I bought it.

The EULA actually suggests that they do. Like their "operating systems" - you can't buy them (even if you'd ever want to), you can only lease the right to use them. Their software remains "their" property. It's now going the same way with "their" hardware.....

0
0

Page:

This topic is closed for new posts.